nanog mailing list archives
Re: ipmi access
From: "Paul S." <contact () winterei se>
Date: Mon, 02 Jun 2014 21:23:36 +0900
On 6/2/2014 09:19 PM, Andrew Latham wrote:
> I use OpenVPN to access an Admin/sandboxed network with insecure portals, wiki, and ipmi.
>
> On Jun 2, 2014 7:13 AM, "Randy Bush" <randy () psg com> wrote:
>> so how do folk protect yet access ipmi? it is pretty vulnerable, so 99% of the time i want it blocked off. but that other 1%, i want kvm console, remote media, and dim sum.
>>
>> currently, i just block the ip address chunk into which i put ipmi at the border of the rack. when i want access, i reconfig the acl. bit of a pita.
>>
>> anyone care to share better idea(s)? thanks.
>>
>> randy
Depends.

On most ATEN chip based BMC boards from Supermicro, it includes a UI to iptables that works in the same way.

You could put it on a public net, allow your stuff and DROP 0.0.0.0/0.

But unless you have servers with those, I think the best way to go is putting them on internal IPs and then using some sort of a VPN.